Google's December 2017 Android Security Bulletin contains a fix for a vulnerability that allows malicious actors to bypass app signatures and inject malicious code into Android apps.